We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Summary:
Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of treating data as a client side script's identifier was employed to
steal the cross-origin data such as CSV, JSON and so on.

Relevant CVE numbers:
CVE-2014-6345, CVE-2014-7939

Other white papers released last year are available here:
http://www.mbsd.jp/insight.html